Prerequisites

2) Obtain a personalization code from your Qualys subscription for a new Virtual Scanner Appliance

Network Requirements

1) For single-network scanning, ensure the destination network for LAN is configured to allow outbound HTTPS (port 443) access to the internet for communicating with the Qualys Cloud Platform.

2) For split-network scanning, ensure the destination network for the WAN is configured to allow outbound HTTPS (port 443) access to the internet for communicating with the Qualys Cloud Platform.

3) While conducting a scan, the virtual scanner sends probes to target assets, i.e. hosts and/or web applications. The virtual scanner must be placed in a network where it can access the target assets for scanning.

Powering on the Virtual Scanner Appliance

Once you power on the Virtual Scanner Appliance, the Qualys service completes the activation process. It may take a few minutes for this activation to complete. The virtual scanner attempts to make a connection to the Qualys platform using its current configuration (network and proxy settings).

We recommend the following steps to check the appliance status within VMware vCenter:

You will see system messages within the console during the startup and activation process. You will see the friendly name and IP address after the appliance has successfully connected to the Qualys Cloud Platform. This also means the virtual scanner is ready to be used for scanning. If a network error appears, you need to troubleshoot the issue at this time.

Step 2: Check the network settings

Press Enter to access the main menu. (Tip: Use the Up and Down arrows to navigate the menu.) Press the Right arrow to display the network settings configured for the virtual scanner. Press the Left arrow to return to the main menu.

Step 3: Check the scanner status in Qualys

To confirm that the scanner is ready to use, check the virtual scanner status in Qualys. Go to Scans > Appliances, and find your scanner in the list. Check that the scanner's status is Connected.

Tip - It can take several minutes for the Qualys user interface to get updated after you add a new appliance. Please refresh your browser periodically to ensure that you are seeing the most up-to-date details.

Enabling WAN for Split Network Configuration

If the virtual scanner appliance is already deployed and you would like to enable WAN for a split-network scanning configuration, the Destination Network settings must first be configured in the virtual machine’s hardware settings and then in the vApp options.

We recommend the following steps to enable split-network scanning configuration within VMware vCenter:

Step 1: Log into vCenter and power off the Virtual Scanner Appliance

Power off the virtual scanner appliance.

Step 2: Edit the Virtual Scanner Appliance Hardware Settings

Modify the network adapters’ destination networks. For split-network setting, Network Adapter 1 should be set to the LAN destination network and Network Adapter 2 should be set to the WAN destination network.

Step 3: Edit the Virtual Scanner Appliance vApp Options

Modify the virtual scanner appliance's vApp options as appropriate.

Enable_WAN_Interface

Click on Enable_WAN_Interface and then click on ‘Set Value’. Toggle on to enable.

LAN_Network_Name and WAN_Network_Name

Update destination networks for LAN_Network_Name and WAN_Network_Name. Their destination network should match the virtual scanner’s hardware settings set in Step 1. To modify the destination network, click on ‘LAN_Network_Name’ and then ‘Edit’. Repeat the same step for ‘WAN_Network_Name’.

It is imperative that you set the virtual scanner’s hardware network settings first, as mentioned in Step 1, and then in the vApp option for it to take effect.

Step 4: Power on the Virtual Scanner Appliance

Power on the virtual scanner appliance.

Changing Network Adapter Settings

If you need to modify the destination networks for the network adapters, you need to update both the virtual appliance hardware settings and the vApp options.

We recommend the following steps to modify the destination networks within VMware vCenter:

Step 1: Log into vCenter and power off the Virtual Scanner Appliance

Power off the virtual scanner appliance.

Step 2: Edit the Virtual Scanner Appliance Hardware Settings

Modify the network adapters' destination networks as appropriate.

Step 3: Edit the Virtual Scanner Appliance vApp Options

Modify the virtual scanner appliance's vApp options as appropriate.

Update destination networks for LAN_Network_Name and/or WAN_Network_Name. Their destination network should match the virtual scanner’s hardware settings set in Step 1. To modify the destination network, click on ‘LAN_Network_Name’ and/or ‘WAN_Network_Name’ and then ‘Edit’.

It is imperative that you set the virtual scanner’s hardware network settings first, as mentioned in Step 1, and then in the vApp option for it to take effect.
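Both procedures above (enabling WAN and changing the adapter networks) depend on the vApp options matching the hardware adapter settings. The check below is an added example, not Qualys or VMware code: it compares the values as you read them off the vCenter dialogs, and the `ScannerConfig` type, the function name and the network names are constructed for illustration.

```python
# Added example. Values are typed in from vCenter by hand; nothing here calls vCenter.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ScannerConfig:  # hypothetical container, not a Qualys/VMware type
    adapter1_network: Optional[str]  # hardware: Network Adapter 1 destination
    adapter2_network: Optional[str]  # hardware: Network Adapter 2 destination
    enable_wan: bool                 # vApp option Enable_WAN_Interface
    lan_network_name: Optional[str]  # vApp option LAN_Network_Name
    wan_network_name: Optional[str]  # vApp option WAN_Network_Name


def check_scanner_networks(cfg: ScannerConfig) -> List[str]:
    """Return findings; an empty list means hardware and vApp options agree."""
    findings = []
    if not cfg.adapter1_network:
        findings.append("Network Adapter 1 has no LAN destination network")
    if cfg.lan_network_name != cfg.adapter1_network:
        findings.append(
            f"LAN_Network_Name={cfg.lan_network_name!r} does not match "
            f"Network Adapter 1={cfg.adapter1_network!r}")
    if cfg.enable_wan:  # split-network: Adapter 2 carries the WAN side
        if not cfg.adapter2_network:
            findings.append("Enable_WAN_Interface is on but Network Adapter 2 is unset")
        if cfg.wan_network_name != cfg.adapter2_network:
            findings.append(
                f"WAN_Network_Name={cfg.wan_network_name!r} does not match "
                f"Network Adapter 2={cfg.adapter2_network!r}")
        # Assumption of this example: identical LAN and WAN networks are worth
        # flagging, since the scanner would then not be split across networks.
        if cfg.adapter2_network and cfg.adapter2_network == cfg.adapter1_network:
            findings.append("LAN and WAN adapters share one destination network")
    return findings


# Constructed sample configurations (network names are made up).
SPLIT_OK = ScannerConfig("scan-lan", "mgmt-wan", True, "scan-lan", "mgmt-wan")
STALE_VAPP = ScannerConfig("scan-lan", "mgmt-wan", True, "scan-lan", "old-wan")
SINGLE_OK = ScannerConfig("scan-lan", None, False, "scan-lan", None)

if __name__ == "__main__":
    for name, cfg in [("split", SPLIT_OK), ("stale", STALE_VAPP), ("single", SINGLE_OK)]:
        print(name, check_scanner_networks(cfg) or "consistent")
```

Run it before powering the appliance back on; a stale vApp value is the case the "hardware first, then vApp" ordering is meant to prevent.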

Before you can go ahead and download a virtual scanner, you will need the following:

- A license to obtain one or more virtual scanners (your Qualys TAM can assist) for your subscription.

Most times, when customer enablement approves a scanner, it then gets provisioned into your subscription and you can then go and download it.

To download the Qualys EVSA, log into your subscription as a manager, navigate to the VM module followed by the "Scans" menu and the "Appliances" tab.

Then click the button "New", followed by "Virtual Scanner Appliance". At this stage you need to make a selection. Select "Download image only" and select the one that works for your deployment. A screenshot is attached.

A VHD refers to the Microsoft Hyper-V Virtual machines, so you may choose that if you wish to deploy it on MS Hyper-V.